d058c9315fc0f28741570907ab4e13f8c368e4012a459976560adacf4e4c2b68

Sharing

Copy URL

Twitter E-mail

General

Target

AhMyth_Win64.exe
Size

54.8MB
Sample

240325-ypn9ragf42
MD5

5a2e207f206b6a8567a04c7500254ce4
SHA1

0cf550d7275dce19c3ce20d77d0d49128624863d
SHA256

d058c9315fc0f28741570907ab4e13f8c368e4012a459976560adacf4e4c2b68
SHA512

ba925c12ea239ab90a42d0bc2a313818945f0b61233733cea68da4500c313f5514b784cdd996e98590379117f811fee8803d945ca1039ce5ffc941bfdb0a662f
SSDEEP

786432:SCPHEBZ+uqZLC2VYegaPk/60foYstnmPpMRcDCjIq3CO5sBKW0xIngly/hIKfeZy:ZkB6Y5ac/FAYVRDEp5nW7glQeoVvJ6y

Score

7^/10

Malware Config

Targets

- Target
  
  AhMyth_Win64.exe
- Size
  
  54.8MB
- MD5
  
  5a2e207f206b6a8567a04c7500254ce4
- SHA1
  
  0cf550d7275dce19c3ce20d77d0d49128624863d
- SHA256
  
  d058c9315fc0f28741570907ab4e13f8c368e4012a459976560adacf4e4c2b68
- SHA512
  
  ba925c12ea239ab90a42d0bc2a313818945f0b61233733cea68da4500c313f5514b784cdd996e98590379117f811fee8803d945ca1039ce5ffc941bfdb0a662f
- SSDEEP
  
  786432:SCPHEBZ+uqZLC2VYegaPk/60foYstnmPpMRcDCjIq3CO5sBKW0xIngly/hIKfeZy:ZkB6Y5ac/FAYVRDEp5nW7glQeoVvJ6y
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  17ed1c86bd67e78ade4712be48a7d2bd
- SHA1
  
  1cc9fe86d6d6030b4dae45ecddce5907991c01a0
- SHA256
  
  bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
- SHA512
  
  0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
- SSDEEP
  
  192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral7 behavioral8
- Target
  
  AhMyth.exe
- Size
  
  77.8MB
- MD5
  
  4c9022cfd4a8ef4c2d15349c1d8a8a13
- SHA1
  
  083731d52f5d9a77a789e854ac2b7af9483590c9
- SHA256
  
  ee659fa884e817c3cdfe50868672a0ca376541b3e52457c406d37a8db7f5defa
- SHA512
  
  4f927c23082d811a75cab0d4c7b0b05d07bb640b3f0642d1c41992fc9ef394fe868b7362cca07ae4f3b00854a5b9a11976557e143565e5936f1890ee4e50aeb9
- SSDEEP
  
  393216:tjZ8iDLRCYHVFhyGZ+OFkjp0922Qg4wYzRWwdBybu8qWxaqliZ0GoJjw45QSCVJR:pH5rYkTxz2cTyWcL0sPdK3q9Es
Score

1^/10
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  1.7MB
- MD5
  
  0c81725be6a38f8df9b8feed8421f777
- SHA1
  
  09146930107f1fd49eaf6afbff0cbd49e30d6840
- SHA256
  
  54449495c558243f0638efaf9a70cf294c537815e999fab69aa1006768f4f250
- SHA512
  
  eae5901a1a97276106e67b7ddfb762609e04a9b96333897420e8a09aef08da7147c9fe669402405d6781704a70752bbe1a0b1cac3df4eac99853d3eb983f848a
- SSDEEP
  
  24576:+mnLiLqepwmBNu1BJrCr+KD4clkUFsQqo:+mLAXD41Qbhjqo
Score

1^/10
behavioral11 behavioral12
- Target
  
  content_shell.pak
- Size
  
  9.6MB
- MD5
  
  88876a5c274ffcc61bb037f7b6831313
- SHA1
  
  d36bb2541bb1ec302537be9dd3454e5def2400ce
- SHA256
  
  e20a142f2bb0f9016d5e9b948d37ae49f4d8a2c8b4059ac162ea12d2cc4a62c1
- SHA512
  
  4fc8e473e6bf57ff6fe19f1c25f2e22ed049dbbccca88867ecd1110fd45e3e74c3bc5cb7f052f891de600fec13a1eb0d2c4b48f008d6e5d7102a21096698dcc9
- SSDEEP
  
  49152:vUTjfHWhao9dFz3YF2j4Q+BWu+vGHMnMFcwsISvQpfomatZwaT3qb0GGRsbMFsEn:vUGeFnBW3N+07qeGGG2pLTu31hHwWnde
Score

1^/10
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.0MB
- MD5
  
  b0ae3aa9dd1ebd60bdf51cb94834cd04
- SHA1
  
  ee2f5726ac140fb42d17aba033d678afaf8c39c1
- SHA256
  
  e994847e01a6f1e4cbdc5a864616ac262f67ee4f14db194984661a8d927ab7f4
- SHA512
  
  756ebf4fa49029d4343d1bdb86ea71b2d49e20ada6370fd7582515455635c73d37ad0dbdeef456a10ab353a12412ba827ca4d70080743c86c3b42fa0a3152aa3
- SSDEEP
  
  49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
Score

1^/10
behavioral15 behavioral16
- Target
  
  ffmpeg.dll
- Size
  
  2.0MB
- MD5
  
  caed9da78248005149b7c8d96bd1b978
- SHA1
  
  199109bfbc23183a954f83105d9285e2901a9a70
- SHA256
  
  fb6f30a5aa7cee76db426cf590114850c7d2a78532c6725217d53132a3ba187c
- SHA512
  
  b112a3664b5e187b00e739deff640ec2ac85df012365fdb9749595e5b1ac47d87e751713c3c277e3084e35b66b525124dee6da10d05cb50353b03a35d5102e78
- SSDEEP
  
  24576:L3hO0XxVHrOpiGtNXueGAVJegM/19tYwL+HDenknOCYiaCXPPnuv0tFFGMXOrWBl:lhZrOpV9MtHPkOCYi3/uctxXOiB
Score

1^/10
behavioral17 behavioral18
- Target
  
  libEGL.dll
- Size
  
  91KB
- MD5
  
  16659111fbd6413bee25ffb67557756a
- SHA1
  
  cfa7f6148bfb7f5e7459f5fa807ff73f368d9dff
- SHA256
  
  9352d16091bbfeb8d2f255aa6db3fdb22845dd608b74121a18471a6536df1ca6
- SHA512
  
  30ea53f495dbc01e5641284b0da3a29838ddb63c69c99246cefc99d9e4690a5c621bfdd4c876a95387ffe0c156dca63d1265e06c33b0cbef5ebb9df96b841093
- SSDEEP
  
  1536:wyC8HHA4C2EWz0iUpi5nQhzpLzo4xS/q3E6ZEMoxuQRfdlLsE9dlEoS4NCbQO:wyCWHPC2EWcpi5nQRhDxS/q3E6ZEMoxq
Score

1^/10
behavioral19 behavioral20
- Target
  
  libGLESv2.dll
- Size
  
  2.4MB
- MD5
  
  d25bbef5a4cb7d646c28c05c697788ef
- SHA1
  
  d08b6406dda4e0b539c6222a87ca910bdae6af29
- SHA256
  
  b897acd9d07d1dfc05b80656cfe380843edd55954b1b02c1adc28197bc19d15c
- SHA512
  
  986fe565feb91fbc18f48061ff4bcab2469fdf7989692fc29dbb6a4b285ac064eb598ae4547748eabd0814f8f0d0bfe6eb629de285aaa1ea3ad803e4d621aa66
- SSDEEP
  
  49152:B7V8ExROdT6Bm/EFi27Wsh53hpCi0CyCSCieMPIkEBeWBNnXQMfziC517rc:B58eBKC5qMfn4
Score

1^/10
behavioral21 behavioral22
- Target
  
  natives_blob.bin
- Size
  
  334KB
- MD5
  
  a58db728b50e6b82cbdcaa0db61d36b1
- SHA1
  
  7cd76526cb29a0ff5350a2b52d48d1886360458b
- SHA256
  
  ba2f2ac6ae9bc67399728f25772a0eb3e840695395cc747adf4b2f8b5d6d9a46
- SHA512
  
  0db9afbdada44364521d89bab6055458125f4f3c8c1b09048eafa4055a194231ccffd82fcdada9360ab2b19f472b893330ebfcb027391e7a0c2b1100fc51e673
- SSDEEP
  
  3072:zRAHowF2N4C56MQIi6dD3nhvAwlFUPcm4s9r4V7d+SSo3:zRAHowF2N4C56MQD6dD3nhnlFUPcm4F
Score

1^/10
behavioral23 behavioral24
- Target
  
  node.dll
- Size
  
  18.3MB
- MD5
  
  3f20cfa72a2b41b7a5449d0612e7a51b
- SHA1
  
  bdcc951461c29f51a657c4b5eee567075c35f97a
- SHA256
  
  53bbaa82858a6cc6a66653f52611b47201262f9254d40a28ea89a0684db4d2e6
- SHA512
  
  512afa4cc9ba806964c9838714027d3624942c6e68b652789d47d862d683533d2264d1178da8f839957a2d898ad5545edd7e5fde040cd747013d383d1d117597
- SSDEEP
  
  393216:RFrOFRwOGv1RgIwhwP+bXLuiGsjUfa5X/XyjzGG962qQouhHbelqslR0HNtibanP:wTrgbAI
Score

1^/10
behavioral25 behavioral26
- Target
  
  pdf_viewer_resources.pak
- Size
  
  140KB
- MD5
  
  e194a32fdf0a700f19e7dedda5bd4759
- SHA1
  
  c54ac90bbebea55e4e5645675728c3ce0871a703
- SHA256
  
  7a42228190983ac5cf572ad417cd4a49a1b555e305648f01794068ca15e0e293
- SHA512
  
  06c76427a40ffb275c1fa62326cbefb2fac8ce0d39f4fee366104a741922fb199805cf5b895dcf19cfce795fe9210550147e9e5cc6bf8d4251a5332fe1a17bbf
- SSDEEP
  
  1536:mH7VjD6ZmFtqswc30/9MDodCMllHxHqHFJAEN3rojvPVycWz:lZmFtqDy0lMDoMMllRKlarM9z
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/app.asar.unpacked/node_modules/node-notifier/bin.js
- Size
  
  2KB
- MD5
  
  8f7c9d597be4b1d6ded85859bbc674b7
- SHA1
  
  54629a7a5bb7cdc6ace653ceab1ad53c18814051
- SHA256
  
  74942e8ac7e6f032521d0b1d28c140332eaab93e495a3b077fefe75e49a654cb
- SHA512
  
  d76b821c5aaddc52fc7a81b7b74228f267aba82a20df57d999667a469134fcc0b462b506894946171a2985afd818970be462cbce0a217c4cc96e4673b3fe92fa
Score

6^/10

antivm
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks CPU configuration

Reads CPU attributes

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32